CN117289681A - Three-layer functional safety monitoring method for intelligent controller - Google Patents

Three-layer functional safety monitoring method for intelligent controller

Publication number
CN117289681A
Authority
CN
China
Prior art keywords: layer, intelligent controller, functional, monitoring, program
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311399064.9A
Other languages
Chinese (zh)
Inventor
万心怡
王丽苹
黄逸宏
王江涛
黄河
王文重
李星星
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
East China Normal University
Original Assignee
East China Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by East China Normal University
Priority to CN202311399064.9A
Publication of CN117289681A
Legal status: Pending

Abstract

Translated from Chinese

The invention discloses a three-layer functional safety monitoring method for intelligent controllers. The three layers are a functional layer, a functional monitoring layer and a chip-level monitoring layer. The functional layer implements the basic control functions of the intelligent controller. The functional monitoring layer monitors the running state of the controller's functional programs in real time, performs anomaly detection through program feedback comparison and an unsupervised algorithm for detecting node structural anomalies and attribute anomalies in the network, and builds a fault knowledge graph for fault diagnosis and autonomous repair. The chip-level monitoring layer monitors the hardware operating state and health through hardware self-test and fault diagnosis mechanisms, keeps the upper-layer monitoring function running normally, and provides a last-line guarantee for the functional safety of the intelligent controller. The invention effectively decomposes the functional safety of the intelligent controller and avoids safety risks.

Description

A three-layer functional safety monitoring method for intelligent controllers

Technical field

The invention relates to the field of computer science and technology, and in particular to safety assurance technology for intelligent controllers, namely a three-layer functional safety monitoring method for intelligent controllers.

Background art

An intelligent controller is a computer control unit in an intelligent device. Through its input, output and communication interfaces it obtains the working status, working parameters, command execution results and environmental data of the controlled object, executes its internally stored control program, and, according to the predetermined control algorithm and requirements, outputs control signals or commands that drive the actuating mechanism to achieve automated or intelligent control goals.

Functional safety means avoiding unacceptable risk caused by functional failures of a system. It is concerned with the system entering a safe, controllable mode after a failure so that greater losses are avoided.

Intelligent controllers are widely used in unmanned systems. With the rapid development of autonomous unmanned systems in industrial automation, robotics, aerospace, automotive and many other industries and fields, the functional safety of the intelligent controller, the core of their operation, is attracting broad attention. However, there is currently no functional safety assurance mechanism or method aimed at intelligent controllers.

Summary of the invention

The purpose of the invention is to propose a three-layer functional safety monitoring method for intelligent controllers that safeguards their functional safety. It forms a layered monitoring framework for intelligent controller functional safety, which effectively decomposes the controller's functional safety and avoids the risks caused by functional failures.

The specific technical solution that achieves this purpose is:

A three-layer functional safety monitoring method for intelligent controllers, comprising the following steps:

Step 1: Sensors input data to the functional layer of the intelligent controller; the functional layer program processes the data and passes control instructions to the actuators, thereby completing the autonomous navigation, object grasping or autonomous obstacle avoidance tasks of the unmanned system;

Step 2: The same data as in step 1 is input to the functional monitoring layer. The functional monitoring layer uses program feedback comparison together with a graph neural network to monitor the intelligent controller for anomalies in real time. When an anomaly is detected, it is submitted to the intelligent controller fault knowledge graph for fault diagnosis, and autonomous repair is carried out;

Step 3: The chip-level monitoring layer monitors, in real time, the hardware operating state of the intelligent controller and the program running state of the functional monitoring layer;

Step 4: When the chip-level monitoring layer detects a hardware anomaly or a program anomaly that cannot be repaired, the external monitoring module is enabled to provide a last-line safety guarantee for the intelligent controller.

The functional layer program in step 1 includes the data collection, data decision and planning, data conversion and control instruction execution programs, as well as the basic software on the controller that supports these functions, such as the operating system and middleware.

The program feedback comparison in step 2 checks whether the computation on the sensor input quantities is within a reasonable range, and at the same time compares it with the computed quantity fed back by the actuator, to determine whether the program is behaving abnormally.

The graph neural network in step 2 treats each intelligent controller as a node and the communication between intelligent controllers as edges. The deep graph neural network model GCAADM (GNN based Communication and Attribution Anomaly Detection Model) finds anomalous nodes in order to determine whether an intelligent controller has a safety anomaly.

The intelligent controller fault knowledge graph in step 2 is based on a dataset from the field of intelligent controller fault diagnosis. An entity recognition framework combining BERT and BiLSTM-CRF performs fault entity recognition, relation extraction and entity fusion are performed by pattern matching, and the fault knowledge graph is built top-down to provide intelligent maintenance and diagnosis of intelligent controller faults.

The autonomous repair in step 2 limits traffic by setting a traffic threshold, issues an early-warning signal promptly when an anomaly occurs, and recovers autonomously by waking up the redundant host and loading backup data.

The chip-level monitoring layer in step 3 uses a watchdog to monitor whether the program flow of the functional monitoring layer's monitoring function runs normally, and at the same time monitors the hardware operating state through the chip self-test mechanism.

The external monitoring module in step 4 is independent of the main chip of the intelligent controller. It is an external power management chip that manages the intelligent controller independently and ensures that the intelligent controller can still enter a safe state.

Beneficial effects of the invention:

The invention forms a three-layer functional safety decomposition framework for the whole intelligent controller, which effectively avoids its functional safety risks. The three-layer functional safety monitoring method monitors the program running state and the hardware operating state of the intelligent controller in real time, and diagnoses and repairs controller anomalies promptly, keeping the intelligent controller running normally and greatly improving its reliability and stability.

Description of the drawings

Figure 1 is a flow diagram of the three-layer functional safety monitoring method for intelligent controllers of the invention;

Figure 2 is a framework diagram of the GNN based Communication and Attribution Anomaly Detection Model (GCAADM) for intelligent controllers;

Figure 3 is a flow chart of the construction of the intelligent controller fault diagnosis knowledge graph.

Detailed description

The invention is described below layer by layer, clearly and completely, with reference to the drawings and the embodiment.

Referring to Figure 1, the three-layer functional safety monitoring method for intelligent controllers of the invention comprises a functional layer, a functional monitoring layer and a chip-level monitoring layer. The functional layer implements the basic control functions of the intelligent controller. The functional monitoring layer monitors the running state of the controller's functional programs in real time, performs anomaly detection through program feedback comparison and an unsupervised algorithm for detecting node structural anomalies and attribute anomalies in the network, and builds a fault knowledge graph for fault diagnosis and autonomous repair. The chip-level monitoring layer monitors the hardware operating state and health through hardware self-test and fault diagnosis mechanisms, keeps the upper-layer monitoring function running normally, and provides a last-line guarantee for the functional safety of the intelligent controller.

First, the functional layer, which includes path planning, autonomous learning, image recognition and so on. The functional layer receives the signal data passed in by the sensors and invokes the actuators by executing instructions, thereby completing tasks of the unmanned system such as autonomous navigation, object grasping and autonomous obstacle avoidance. In addition, the functional layer collects the signals input by the various sensors, the actual outputs fed back by the actuators, and the logs of program execution, and feeds these data to the functional monitoring layer for its functional safety assurance mechanism of anomaly detection, fault diagnosis and autonomous repair.

Next, the process of that mechanism in the functional monitoring layer (anomaly detection, fault diagnosis and autonomous repair of the intelligent controller) is described clearly and completely.

First, the anomaly detection function of the functional monitoring layer is implemented as follows:

The program feedback comparison of the functional monitoring layer receives the same sensor input data as the functional layer and analyzes whether the computation on that input data is within a reasonable range. At the same time it compares the sensor input data with the actual output data fed back by the actuator to determine whether the intelligent controller program is running abnormally.

The functional monitoring layer monitors anomalies with the graph neural network as follows:

Each intelligent controller is abstracted as a node of the graph neural network, and the communication connections between intelligent controllers are abstracted as its edges, which yields a directed graph neural network over the intelligent controllers. For each intelligent controller node, attribute information such as the node's in-degree and out-degree and its connection pattern is collected.

Referring to Figure 2, a graph node structural anomaly means that, in graph network data, the connection or relationship pattern of a node shows unusual features or structure compared with the surrounding nodes. In the intelligent controller graph neural network, structural anomalies typically include a controller showing abnormal data traffic in the system's Internet of Things, or a controller being an outlier. Structural anomalies are judged by computing the neighbor variance of each node's degree: the larger the neighbor variance, the less consistent the node is with its neighbors. The variance of the embedding vectors of a node's neighbors is taken as the node's anomaly score; the larger the variance, the higher the node's structural anomaly score.

A graph node context anomaly means that, in graph network data, the connections, attributes or behavior of a node show unusual features compared with the context of the surrounding nodes. Context anomaly detection focuses on the relationship between a node and its neighbors to determine whether the node shows anomalous behavior or features in its particular context. For context anomalies in the intelligent controller graph neural network, attributes such as a controller's CPU state and memory state can be compared with those of the other intelligent controllers to judge whether they are abnormal. The attribute reconstruction model in the GCAADM framework uses the reconstruction error of a node's attribute vector to measure how contextually anomalous the node is.

First, graph embedding is used to embed the nodes in a low-dimensional space, giving each node an embedding vector. A GNN model is used at the same time so that each node fully learns the attribute information of its neighbors. The embedding vector is mapped back to the original attribute vector space to obtain the reconstructed attribute vector. The Euclidean distance between the reconstructed attribute vector and the original attribute vector is computed as the node's anomaly score. The larger the reconstruction error, the less consistent the node's attribute vector is with those of the other nodes, and the more likely the node is a context anomaly.

The node structural anomaly score and the context anomaly score are combined by mean normalization to obtain the final anomaly score. The intelligent controller nodes that are currently anomalous are determined from the anomaly scores, which completes anomaly detection.
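The two scores and their combination can be worked through on a small controller network. This is an added example, not code from the patent, and it fills in formulas the text does not give: the structural embedding is (in-degree, out-degree), "neighbor variance" is read as the mean squared distance between a node's embedding and its neighbors' embeddings, a neighbor-mean reconstruction stands in for the trained GNN encoder and decoder, and the 0.5 threshold is arbitrary. All data is constructed.

```python
import math

# Constructed sample: directed communication links (sender, receiver) between controllers.
EDGES = [("C1", "C2"), ("C2", "C3"), ("C3", "C1"), ("C5", "C6"), ("C6", "C5"),
         ("C4", "C1"), ("C4", "C2"), ("C4", "C3"), ("C4", "C5"), ("C4", "C6")]
# Constructed sample: per-controller attributes (CPU load, memory use), both in 0..1.
ATTRS = {"C1": (0.30, 0.40), "C2": (0.32, 0.41), "C3": (0.29, 0.39),
         "C4": (0.95, 0.90), "C5": (0.31, 0.40), "C6": (0.30, 0.42)}


def build_graph(edges, nodes):
    """Return undirected neighbor sets and an (in-degree, out-degree) embedding per node."""
    nbrs = {n: set() for n in nodes}
    in_deg = dict.fromkeys(nodes, 0)
    out_deg = dict.fromkeys(nodes, 0)
    for src, dst in edges:
        out_deg[src] += 1
        in_deg[dst] += 1
        nbrs[src].add(dst)
        nbrs[dst].add(src)
    return nbrs, {n: (in_deg[n], out_deg[n]) for n in nodes}


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def structural_scores(nbrs, emb):
    """Assumed reading of 'neighbor variance': mean squared distance to neighbor embeddings."""
    return {n: (sum(sq_dist(emb[n], emb[m]) for m in ns) / len(ns) if ns else 0.0)
            for n, ns in nbrs.items()}


def context_scores(nbrs, attrs):
    """Euclidean reconstruction error; the neighbor mean stands in for the GNN decoder output."""
    scores = {}
    for n, ns in nbrs.items():
        if not ns:                      # isolated node: nothing to reconstruct from
            scores[n] = 0.0
            continue
        recon = [sum(attrs[m][d] for m in ns) / len(ns) for d in range(len(attrs[n]))]
        scores[n] = math.sqrt(sq_dist(recon, attrs[n]))
    return scores


def mean_normalize(scores):
    """(x - mean) / (max - min); all zeros when every score is identical."""
    vals = list(scores.values())
    span = max(vals) - min(vals)
    if span == 0:
        return dict.fromkeys(scores, 0.0)
    mu = sum(vals) / len(vals)
    return {n: (v - mu) / span for n, v in scores.items()}


def detect(edges, attrs, threshold=0.5):
    """Average the two normalized scores and flag nodes above the (assumed) threshold."""
    nbrs, emb = build_graph(edges, attrs)
    s = mean_normalize(structural_scores(nbrs, emb))
    c = mean_normalize(context_scores(nbrs, attrs))
    final = {n: (s[n] + c[n]) / 2 for n in attrs}
    return final, sorted(n for n, v in final.items() if v > threshold)


if __name__ == "__main__":
    final, flagged = detect(EDGES, ATTRS)
    for n in sorted(final, key=final.get, reverse=True):
        print(f"{n}: {final[n]:+.3f}")
    print("flagged:", flagged)
```

C4, which sends to every other controller, receives from none and runs at high CPU and memory load, is the only node whose combined score clears the threshold; its neighbors pick up a small context error because C4 pulls their reconstructions away from their own values.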

Second, referring to Figure 3, the knowledge graph fault diagnosis function of the functional monitoring layer is implemented as follows:

The raw text of the intelligent controller fault database is preprocessed. After preprocessing the data is annotated, with entities tagged using the BIO scheme.

A pre-trained BERT model is used to obtain the embedding of each fault word. BERT is a context-sensitive deep learning model that generates a context-dependent embedding for every word. BERT is run on each fault word in the input text and its output is used as the input feature.

To take the context of the fault words into account, a BiLSTM model processes the BERT embeddings. The BiLSTM takes the BERT embeddings as its input sequence and runs an LSTM in the forward and backward directions to capture context. The output is a sequence of bidirectional LSTM hidden states in which each word carries information about the words before and after it. The BiLSTM output is used as the feature vector so that the subsequent CRF layer can model the entities. Other features, such as part-of-speech tags or stem information, can be combined with the BiLSTM output.

A CRF layer models the NER task. CRF is a sequence labeling model that captures the dependencies between labels. The CRF layer uses the BiLSTM output and other features, together with the label transition probabilities, to assign a label to each word in the input sequence. A decoding algorithm (for example the Viterbi algorithm) finds the most likely label sequence.

The whole BERT-BiLSTM-CRF model is trained on the training set, and the model parameters are optimized with a maximum likelihood estimation loss function. The parameters of the model include the BERT weights, the BiLSTM weights and the CRF label transition matrix.

The validation set is used to evaluate model performance, and the model is tuned according to the fault entity recognition accuracy metric. Performance is then tested on the test set to evaluate the model's NER performance.

This completes the training of the BERT-BiLSTM-CRF model, which can efficiently recognize the entities in intelligent controller fault text.
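The role of the CRF transition scores in the decoding step can be seen by running Viterbi over one short sentence and comparing it with per-token labeling. This is an added example, not the patent's model: the tag set with a single hypothetical entity type FAULT, the English tokens, the emission scores standing in for BiLSTM output, and the transition scores are all constructed.

```python
TAGS = ("O", "B-FAULT", "I-FAULT")   # BIO tags for one hypothetical entity type
FORBIDDEN = -1e4                     # score that rules a transition out

# Constructed sample: tokens of one fault report and per-token emission scores.
TOKENS = ["watchdog", "timer", "overflow", "detected"]
EMISSIONS = [
    {"O": 1.0, "B-FAULT": 0.8, "I-FAULT": 0.2},
    {"O": 0.1, "B-FAULT": 0.5, "I-FAULT": 1.2},
    {"O": 0.2, "B-FAULT": 0.3, "I-FAULT": 1.5},
    {"O": 2.0, "B-FAULT": 0.1, "I-FAULT": 0.3},
]


def transition(prev, cur):
    """Constructed transition scores: I- may only follow B- or I-, with a bonus for continuing."""
    if cur.startswith("I-"):
        if prev in ("START", "O"):
            return FORBIDDEN
        return 0.5 if prev.startswith("B-") else 0.3
    return 0.0


def greedy(emissions):
    """Per-token argmax, which ignores label dependencies."""
    return [max(TAGS, key=em.get) for em in emissions]


def viterbi(emissions):
    """Highest-scoring tag sequence under emission plus transition scores."""
    score = {t: transition("START", t) + emissions[0][t] for t in TAGS}
    back = []
    for em in emissions[1:]:
        new, ptr = {}, {}
        for cur in TAGS:
            best = max(TAGS, key=lambda p: score[p] + transition(p, cur))
            new[cur] = score[best] + transition(best, cur) + em[cur]
            ptr[cur] = best
        score = new
        back.append(ptr)
    tag = max(TAGS, key=score.get)
    path = [tag]
    for ptr in reversed(back):          # follow back-pointers from the last token
        tag = ptr[tag]
        path.append(tag)
    return path[::-1]


def entities(tokens, tags):
    """Collect entity strings from a BIO sequence; an I- tag with no open entity is dropped."""
    spans, cur = [], []
    for tok, tag in zip(tokens, tags):
        if tag.startswith("B-"):
            if cur:
                spans.append(" ".join(cur))
            cur = [tok]
        elif tag.startswith("I-") and cur:
            cur.append(tok)
        else:
            if cur:
                spans.append(" ".join(cur))
            cur = []
    if cur:
        spans.append(" ".join(cur))
    return spans


if __name__ == "__main__":
    for name, decode in (("greedy", greedy), ("viterbi", viterbi)):
        tags = decode(EMISSIONS)
        print(name, tags, entities(TOKENS, tags))
```

Per-token labeling starts the entity with an I- tag and loses it on extraction, while the Viterbi path pays a small emission cost on the first token to produce a valid B-I-I-O sequence and recovers the full fault entity.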

Next, rule-based entity relation extraction is performed. First, the intelligent controller fault relations are defined, as shown in Table 1:

Table 1

Using the relations in the table above, the entities extracted by the BERT-BiLSTM-CRF model are connected into triples, and the resulting relation triples are stored in the Neo4j graph database, which completes the construction of the intelligent controller fault knowledge graph.

Finally, the autonomous repair function of the intelligent controller's functional monitoring layer is implemented as follows:

(1) Automatic fault diagnosis: the intelligent controller monitors the operating state of each component of the system through the fault knowledge graph described above or through sensors, and identifies potential fault points or abnormal phenomena.

(2) Autonomous strategy: based on the diagnosis result, the intelligent controller autonomously selects a suitable repair strategy, such as reconfiguring system parameters, adjusting control logic, switching to a spare component or starting a backup system.

(3) Remote monitoring and remote operation: the intelligent controller is integrated with a remote monitoring system, which allows engineers or operations staff to monitor and intervene remotely. Remote operations can include remote restart, remote reset or remote adjustment of control parameters.

(4) Backup and redundancy: the intelligent controller has redundancy and backup mechanisms so that alternatives are available when problems occur, including spare hardware, backup servers and redundant sensors.

(5) Feedback mechanism: the intelligent controller monitors the effect of the repair operation and makes further adjustments and decisions according to the actual situation. The repair feedback mechanism helps the intelligent controller learn from feedback and improves the efficiency and accuracy of autonomous repair.

The functional monitoring layer monitors the functional layer and keeps its programs running safely, while the chip-level monitoring layer keeps the monitoring program of the functional monitoring layer running normally. It is implemented as follows:

First, the self-test function of the hardware chip is implemented as follows. A chip usually has a self-test boot program that starts the self-test process; the boot program is usually located at a specific address or memory region of the chip:

(1) Power management: ensure that the chip is correctly connected and powered. The first task is to confirm that the chip receives power normally and that voltage and current are within the acceptable range.

(2) Clock and timing check: ensure that the chip's clock signal works normally, with no clock delay or timing problems. Check that the clock frequency and phase are within the specified range.

(3) Core function check: check the core functions of the chip, including the processor core, input and output interfaces and memory. Run basic functional tests.

(4) Memory self-test: test the chip's internal memory, including the register file, cache and RAM. The memory self-test can include read and write tests to confirm that the memory cells work normally.

(5) Communication interface self-test: check the chip's communication interfaces, such as UART, SPI and I2C. Send and receive test data to verify the reliability of communication.

(6) Input/output port self-test: check the input and output ports to confirm that the connections to external devices are normal. Test signals are usually sent and received to verify port function.

(7) Fault detection: the chip self-test may include fault detection for hardware faults, such as detection of open circuits, short circuits and abnormal voltage.

(8) Performance evaluation: test performance parameters such as operating speed and power consumption to confirm that they are within specification.

(9) Logs and reports: any error or abnormal condition during the self-test should be recorded in the log. A self-test report is generated so that the manufacturer or maintenance staff can review the results.

(10) Error handling: if problems are found during the self-test, measures usually need to be taken to deal with them, such as repairing the hardware fault or adjusting the chip configuration.

Second, for the program flow check in the chip-level monitoring layer of the intelligent controller, a watchdog mechanism monitors the running state of the system and keeps the monitoring program of the functional monitoring layer running normally. The process is as follows:

First, when the intelligent controller system starts, the watchdog is initialized and configured, including setting the watchdog timer duration and enabling or disabling the watchdog. After the initial configuration is complete the watchdog is started.

While the intelligent controller system program is running, the "feed the dog" operation is performed periodically according to the configured timer duration, that is, the watchdog timer is reset periodically by a function call or code instruction.

If the "feed the dog" operation is not completed within the configured timer duration, the intelligent controller may be deadlocked. The watchdog triggers the exception handling operations, including restarting the controller system, recording the relevant run logs and issuing an external warning. When the intelligent controller system returns to normal, the watchdog settings must be reconfigured so that monitoring of normal system operation continues.

Finally, as the last-line guarantee behind the chip-level monitoring layer, a power management chip with an integrated watchdog implements the external monitoring module. This power management chip manages the power supply of the intelligent controller independently. When the chip-level monitoring layer has also failed and the intelligent controller as a whole can no longer guarantee functional safety, the power management chip can independently shut down or restart the intelligent controller system, keeping the intelligent controller in a safe state.
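The watchdog feed, the restart on a missed feed and the hand-over to the external power management chip can be followed in a tick-based simulation. This is an added example, not code from the patent; the checkpoint names, the timeouts, the limit of two restarts, and the rule that the watchdog is fed only after the monitoring program passes its checkpoints in order are assumptions, and the simulated fault persists across restarts.

```python
from dataclasses import dataclass

# Hypothetical checkpoint names for one pass of the function-monitoring program.
EXPECTED_FLOW = ("read_inputs", "range_check", "feedback_compare", "report")


@dataclass
class Watchdog:
    timeout: int            # ticks allowed between two feeds
    deadline: int = -1
    enabled: bool = False

    def start(self, now):
        self.enabled, self.deadline = True, now + self.timeout

    def kick(self, now):    # "feed the dog": restart the countdown
        if self.enabled:
            self.deadline = now + self.timeout

    def expired(self, now):
        return self.enabled and now > self.deadline


class ChipLevelMonitor:
    """Chip-level layer: supervises the monitoring program and feeds the external watchdog."""

    def __init__(self, timeout=4, max_resets=2):
        self.wd = Watchdog(timeout)
        self.max_resets, self.resets = max_resets, 0
        self.seen, self.log, self.failed = [], [], False

    def boot(self, now):
        self.seen = []
        self.wd.start(now)              # the watchdog is re-armed after every restart

    def checkpoint(self, name, now):
        self.seen.append(name)
        if tuple(self.seen) == EXPECTED_FLOW:       # complete pass in order: feed
            self.wd.kick(now)
            self.seen, self.resets = [], 0
        elif tuple(self.seen) != EXPECTED_FLOW[:len(self.seen)]:
            self.log.append((now, f"flow violation at {name}"))
            self.seen = []                          # no feed: the timer keeps running

    def healthy(self, now, self_test_ok):
        """True while this layer can still vouch for the controller."""
        if self.failed:
            return False
        if not self_test_ok:
            self.log.append((now, "hardware self-test failed"))
            self.failed = True
        elif self.wd.expired(now):
            self.resets += 1
            self.log.append((now, f"watchdog expired, restart #{self.resets}"))
            if self.resets > self.max_resets:
                self.log.append((now, "unrecoverable, report to external module"))
                self.failed = True
            else:
                self.boot(now)
        return not self.failed


def run(trace, ticks, self_test_fail_at=None, pmic_timeout=2):
    """trace maps tick -> checkpoint reported by the monitoring program at that tick."""
    chip, pmic = ChipLevelMonitor(), Watchdog(pmic_timeout)   # pmic: external module
    chip.boot(0)
    pmic.start(0)
    for now in range(1, ticks + 1):
        if now in trace:
            chip.checkpoint(trace[now], now)
        if chip.healthy(now, self_test_fail_at is None or now < self_test_fail_at):
            pmic.kick(now)              # the chip-level layer feeds the external watchdog
        if pmic.expired(now):
            chip.log.append((now, "PMIC forces safe state"))
            return "SAFE_STATE", chip.log
    return "RUNNING", chip.log


if __name__ == "__main__":
    hung = {t: EXPECTED_FLOW[t - 1] for t in range(1, 5)}     # one good pass, then silence
    print(run(hung, 30))
```

In the hung-program run the chip-level watchdog restarts twice, gives up on the third miss and stops feeding the external watchdog, which then forces the safe state two ticks later without depending on any software on the main chip.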

Embodiment

The flow of the three-layer functional safety monitoring method is shown in Figure 1.

First, the sensors read in data, the functional layer performs the computation on the input data, and the computed data is output to the actuators.

Second, in the functional monitoring layer, the computation on the above input quantities is checked for being within a reasonable range and compared with the computed quantity fed back by the actuator. If an anomaly is found, it is submitted to knowledge graph fault diagnosis. At the same time, the GNN-based communication and attribute anomaly detection model GCAADM performs anomaly detection autonomously, and any anomaly it finds is likewise submitted to knowledge graph fault diagnosis.

In knowledge graph fault diagnosis, intelligent fault diagnosis is completed through entity recognition and querying, and the intelligent controller is repaired autonomously. Autonomous repair can use several methods, such as reconfiguring system parameters, adjusting control logic, switching to a spare component or starting a backup system. When these methods fail, replacement with a redundant backup is attempted, such as spare hardware, a backup server or a redundant sensor. If autonomous repair by the functional monitoring layer fails, a warning is sent to the relevant personnel so that engineers can monitor and operate remotely.

In the chip-level monitoring layer, a watchdog monitors whether the program flow of the functional monitoring layer's monitoring function runs normally. At the same time, mechanisms such as chip self-test monitor the hardware operating state, so that the external environment or physical factors do not affect the operation of the intelligent controller system. If the hardware fails or the chip-level monitoring layer itself fails, this is reported to the external monitoring module, and independent control is enabled to bring the intelligent controller into a safe state.

Claims (8)

CN202311399064.9A | 2023-10-26 | 2023-10-26 | Three-layer functional safety monitoring method for intelligent controller | Pending | CN117289681A (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202311399064.9A / CN117289681A (en) | 2023-10-26 | 2023-10-26 | Three-layer functional safety monitoring method for intelligent controller

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202311399064.9A / CN117289681A (en) | 2023-10-26 | 2023-10-26 | Three-layer functional safety monitoring method for intelligent controller

Publications (1)

Publication Number | Publication Date
CN117289681A (en) | 2023-12-26

Family

ID=89253561

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202311399064.9A, Pending, CN117289681A (en) | Three-layer functional safety monitoring method for intelligent controller | 2023-10-26 | 2023-10-26

Country Status (1)

Country | Link
CN (1) | CN117289681A (en)

Cited By (2)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
CN117873034A (en) * | 2024-01-02 | 2024-04-12 | 武汉品致汽车技术有限公司 | Intelligent extraction method and device based on double-model fault diagnosis information
CN119356197A (en) * | 2024-12-26 | 2025-01-24 | 山西汇瑞天地科技有限公司 | Industrial Internet security monitoring system and method

Patent Citations (6)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
CN108845577A (en) * | 2018-07-13 | 2018-11-20 | 武汉超控科技有限公司 | A kind of embedded auto-pilot controller and its method for safety monitoring
CN110308732A (en) * | 2019-07-25 | 2019-10-08 | 北京智行者科技有限公司 | The fault detection method and auto-pilot controller of auto-pilot controller
CN114537156A (en) * | 2020-11-27 | 2022-05-27 | 北京新能源汽车股份有限公司 | Controller framework and electric automobile
CN113173078A (en) * | 2021-04-19 | 2021-07-27 | 联合汽车电子有限公司 | Monitoring system, monitoring method and readable storage medium for realizing electronic parking function based on motor controller
CN114139274A (en) * | 2021-10-21 | 2022-03-04 | 浙江大立科技股份有限公司 | Health management system
CN114970508A (en) * | 2022-05-17 | 2022-08-30 | 国网浙江省电力有限公司电力科学研究院 | Method and device for power text knowledge discovery based on data multi-source fusion

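Non-Patent Citations (2)

* Cited by examiner, † Cited by third party

Title
吴凯: "Design and implementation of a functional-safety-oriented ECU monitoring system", China Master's Theses Full-text Database, Information Science and Technology, no. 03, 15 March 2016 (2016-03-15), pages 140 - 1208 *
张丽: "Functional safety design of an automotive transmission control system based on the E-Gas architecture", Proceedings of the 2022 China Society of Automotive Engineers Annual Congress, 22 November 2022 (2022-11-22), pages 1 - 4 *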

Similar Documents

Publication | Publication Date | Title
CN117289681A (en) | | Three-layer functional safety monitoring method for intelligent controller
CN113377567B (en) | | A distributed system fault root cause tracing method based on knowledge graph technology
US10733536B2 (en) | | Population-based learning with deep belief networks
CN115562158A (en) | | A method, system and terminal for intelligent diagnosis of CNC machine tools driven by digital twins
CN112231134B (en) | | Fault processing method and device for neural network processor, equipment and storage medium
CN112506690B (en) | | Method and device for controlling processor
CN112487058A (en) | | Numerical control machine tool fault monitoring and diagnosing system based on data mining
CN116974347A (en) | | Data processing method, device, equipment and storage medium
CN109581995B (en) | | Intelligent diagnosis system and method
CN118897688B (en) | | A software-defined satellite error correction method based on large model knowledge graph guidance
CN114299338B (en) | | Fault prediction and health management system for system management and related methods
CN116069606B (en) | | Software system performance fault prediction method and system
CN114943281A (en) | | Intelligent decision-making method and system for heat pipe cooling reactor
CN119494467B (en) | | A knowledge graph-based method for energy system fault prediction
CN116049642A (en) | | Fault diagnosis method, system, electronic equipment and computer storage medium
CN120256178A (en) | | A storage hard disk remote diagnosis system and method based on the Internet of Things
CN118820755A (en) | | A multivariable fault detection method, device, medium and computing device
Georgoulopoulos et al. | | A survey on hardware failure prediction of servers using machine learning and deep learning
Fan et al. | | Research on embedded PLC control system fault diagnosis: a novel approach
CN118885349B (en) | | Target uncorrectable fault prediction model training method and related equipment
CN120106231B (en) | | Cooling fan fault root cause diagnosis method based on multi-scale causal analysis
KR101347748B1 (en) | | Autonomic computing apparatus and method in cyber physical systems
CN119270829B (en) | | Method, computing device, storage medium and program product for determining a fault condition of an industrial system
CN118572890B (en) | | Method, device and computer equipment for automatically checking operation information of equipment startup
RU2818858C1 (en) | | Method for diagnosing a complex of on-board equipment of aircraft based on unsupervised machine learning with automatic determination of model training parameters

Legal Events

Date | Code | Title | Description
 | PB01 | Publication |
 | SE01 | Entry into force of request for substantive examination |
